Gatsby: GA Plugin and GDPR

To know if the user is browsing from EU, we'd have to use an IP Geolocation service. I don't know any that's free.
As an easy workaround, we could detect the timezone of the user and from there extrapolate it's location.
@kbariotis would you like to submit a PR doing that ?

No @sebastienfi I don't think this is Gatsby's responsibility at all. This must be left at the owner's choice. Gatsby should just give control to the owner whether the plugin is enabled or not and allow to enable it at run time, rather than built time.

I could start by adding an enabled/disabled flag on the plugin. How does that sound?

We use a specific CDN for Europe and another set of CDN for the rest of the world.
We deploy a specific build of Gatsby to Europe. With a straightforward system: once the user clicks on "I agree" we set window.gdpr-agreed = true. Then in Gatsby, we have a condition declaring the GTM & GA code if(window.gdpr-agreed) ....
If the user agreed, a cookie stores this value and the next browse, window.gdpr-agreed will be set from the cookie value.
It would be cool a cool feature to have this embedded in the gatsby-plugin. I can see more elegant scenarios.

Is what you propose to integrate an option in the plugin to activate the check on whether window.gdpr-agreed is right, and submit an example of integration to define that value?

Send your PR, and I'm happy to review :) It would be welcome to have an example site like example-Europe-gdpr.

Btw. using google analytics is OK (even in Europe) if you anonymize IPs and also disable cross session (bad) cookies.

With this config tracking should be fine:

gtag('config', 'UA-...', {
      'anonymize_ip': true,
      'cookie_expires': 0
  });

Ofc. you lose cross-session user tracking feature of analytics, but it might be good for many developers who jsut want to do basic tracking and don't care about GDPR.

Currently plugin allows to anonymize IP, but doesn't allow (cannot see option) to enable session only cookies - cookie_expires.

As I understand (don't take as lawyer advice) whole GDPR (no consent) compliant code might be:

<script async src="https://www.googletagmanager.com/gtag/js?id=UA-XYZ"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());
  gtag('config', 'UA-XYZ', {
      'anonymize_ip': true,
      'cookie_expires': 0
  });
</script>

@jurosh Thanks, that's very helpful! Looks like cokies_expires is now also available as cookieExpires in the plugin too: https://github.com/gatsbyjs/gatsby/tree/master/packages/gatsby-plugin-google-analytics#create-only-fields

Hi,
I'm adding here the way I worked to implement a GDPR cookie notice on a Gatsby website. I'm sure it's not "as it should be", but it's working with tarteaucitron.js, one of the tool recommended by the french government to handle cookies.

Maybe it can help others facing the same difficulties.

First, I imported tarteaucitron into the scripts folder of my static folder.
After, I used the method to customize my html js.
Before the closing of </head>, I added this
<script type="text/javascript" src={withPrefix('/scripts/tarteaucitron/tarteaucitron.js')}></script>
Then before the closing of </body>, I added
<script dangerouslySetInnerHTML={{
__html: ` tarteaucitron.init({
"privacyUrl": "", /* Privacy policy url */

    "hashtag": "#tarteaucitron", /* Open the panel with this hashtag */
    "cookieName": "tartaucitron", /* Cookie name */

    "orientation": "top", /* Banner position (top - bottom) */
    "showAlertSmall": true, /* Show the small banner on bottom right */
    "cookieslist": true, /* Show the cookie list */

    "adblocker": true, /* Show a Warning if an adblocker is detected */
    "AcceptAllCta" : true, /* Show the accept all button when highPrivacy on */
    "highPrivacy": false, /* Disable auto consent */
    "handleBrowserDNTRequest": false, /* If Do Not Track == 1, accept all */

    "removeCredit": true, /* Remove credit link */
    "moreInfoLink": true, /* Show more info link */

    //"cookieDomain": ".my-multisite-domaine.fr" /* Shared cookie for subdomain */
    });

    `,

}}
/>`

And that's it. Hope it can help

I published this a couple months back for GDPR compliance:
https://www.gatsbyjs.org/packages/gatsby-plugin-cookiehub/

Cookiehub looked way nicer than tarteaucitron.

Yes, it does, but it's not as customizable as Tarteaucitron :(
And I needed some services other than GA, that Cookiehub doesn't support! But I tried your plugin when I started working on my project and it worked as expected :)
Le 16/01/2019 à 14:43, Michele Memoli a écrit :

I published this a couple months back for GDPR compliance:
https://www.gatsbyjs.org/packages/gatsby-plugin-cookiehub/

Cookiehub looked way nicer than tarteaucitron.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.

Hiya!

This issue has gone quiet. Spooky quiet. 👻

We get a lot of issues, so we currently close issues after 30 days of inactivity. It’s been at least 20 days since the last update here.

If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

Thanks for being a part of the Gatsby community! 💪💜

Hey again!

It’s been 30 days since anything happened on this issue, so our friendly neighborhood robot (that’s me!) is going to close it.

Please keep in mind that I’m only a robot, so if I’ve closed this issue in error, I’m HUMAN_EMOTION_SORRY. Please feel free to reopen this issue or create a new one if you need anything else.

Thanks again for being part of the Gatsby community!

I published this a couple months back for GDPR compliance:
https://www.gatsbyjs.org/packages/gatsby-plugin-cookiehub/

Cookiehub looked way nicer than tarteaucitron.

I can't seem to find the widget ID on cookie hub, would you mind telling me where to look for it?